Publish Advisories

GHSA-j47g-6v72-x3wr
GHSA-3224-p867-265f
GHSA-3h75-x2ww-p6ww
GHSA-4jxf-pwgr-9m4j
GHSA-4v56-g6h4-6655
GHSA-55xf-4pmg-v3xm
GHSA-68cf-j259-wgr8
GHSA-6rvw-w3xj-gg67
GHSA-77xw-22r9-95g2
GHSA-8vx8-439w-j8j5
GHSA-9953-hw28-xvx7
GHSA-fv8r-cjf4-v929
GHSA-hmg7-v7c7-65qj
GHSA-pg8p-25c5-3f44
GHSA-pgmp-w8v7-hhfx
GHSA-q7q5-p52h-85m5
GHSA-r3qv-6v6v-622r
GHSA-r58x-2c7j-vfm9
GHSA-r9gx-29q7-44rw
GHSA-wmc4-44hv-rxcc

Author: advisory-database[bot]

advisories/unreviewed/2025/11/GHSA-j47g-6v72-x3wr/GHSA-j47g-6v72-x3wr.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j47g-6v72-x3wr",
-  "modified": "2025-11-12T18:31:26Z",
+  "modified": "2026-02-25T06:31:14Z",
   "published": "2025-11-12T18:31:26Z",
   "aliases": [
     "CVE-2025-65001"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-FCCL-2025-072319-Security-Notice.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://ydinkin.substack.com/p/200-kernel-bugs-in-30-days"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/02/GHSA-3224-p867-265f/GHSA-3224-p867-265f.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3224-p867-265f",
+  "modified": "2026-02-25T06:31:15Z",
+  "published": "2026-02-25T06:31:15Z",
+  "aliases": [
+    "CVE-2026-3100"
+  ],
+  "details": "Improper Certificate Validation vulnerability in ASUSTOR ADM FTP Backup on Linux, x86, ARM, 64 bit allows Sniffing Attacks.This issue affects ADM: from 4.1.0 through 4.3.3.ROF1, from 5.0.0 through 5.1.2.RE51.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3100"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.asustor.com/security/security_advisory_detail?id=53"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-295"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-25T06:16:26Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-3h75-x2ww-p6ww/GHSA-3h75-x2ww-p6ww.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3h75-x2ww-p6ww",
+  "modified": "2026-02-25T06:31:15Z",
+  "published": "2026-02-25T06:31:15Z",
+  "aliases": [
+    "CVE-2026-25785"
+  ],
+  "details": "Path traversal vulnerability exists in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25785"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN79096585"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.motex.co.jp/news/notice/2026/release260225"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-25T06:16:25Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-4jxf-pwgr-9m4j/GHSA-4jxf-pwgr-9m4j.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4jxf-pwgr-9m4j",
+  "modified": "2026-02-25T06:31:15Z",
+  "published": "2026-02-25T06:31:15Z",
+  "aliases": [
+    "CVE-2026-3163"
+  ],
+  "details": "A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3163"
+    },
+    {
+      "type": "WEB",
+      "url": "https://medium.com/@hemantrajbhati5555/ssrf-vulnerability-in-sourcecodester-website-link-extractor-v1-0-5df6bb708f5e"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347670"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347670"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.758932"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-25T06:16:26Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-4v56-g6h4-6655/GHSA-4v56-g6h4-6655.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4v56-g6h4-6655",
+  "modified": "2026-02-25T06:31:15Z",
+  "published": "2026-02-25T06:31:15Z",
+  "aliases": [
+    "CVE-2026-3150"
+  ],
+  "details": "A security vulnerability has been detected in itsourcecode College Management System 1.0. This affects an unknown part of the file /admin/display-teacher.php. The manipulation of the argument teacher_id leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3150"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Zhangchao404/cve/issues/2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://itsourcecode.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347658"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347658"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.758829"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-25T05:17:29Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-55xf-4pmg-v3xm/GHSA-55xf-4pmg-v3xm.json

@@ -0,0 +1,68 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-55xf-4pmg-v3xm",
+  "modified": "2026-02-25T06:31:15Z",
+  "published": "2026-02-25T06:31:15Z",
+  "aliases": [
+    "CVE-2026-3147"
+  ],
+  "details": "A vulnerability was found in libvips up to 8.18.0. This affects the function vips_foreign_load_csv_build of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch is identified as b3ab458a25e0e261cbd1788474bbc763f7435780. It is advisable to implement a patch to correct this issue.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3147"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/libvips/libvips/issues/4874"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/libvips/libvips/issues/4874#issue-3943617697"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/libvips/libvips/pull/4894"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/libvips/libvips/commit/b3ab458a25e0e261cbd1788474bbc763f7435780"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/libvips/libvips"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.347653"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.347653"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.758692"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-25T04:16:05Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-68cf-j259-wgr8/GHSA-68cf-j259-wgr8.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-68cf-j259-wgr8",
+  "modified": "2026-02-25T06:31:15Z",
+  "published": "2026-02-25T06:31:14Z",
+  "aliases": [
+    "CVE-2026-27744"
+  ],
+  "details": "The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment rendering (#ENV**), which disables SPIP output filtering. As a result, an unauthenticated attacker can inject crafted content that is evaluated through SPIP's template processing chain, leading to execution of code in the context of the web server.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27744"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.spip.net/spip-contrib-extensions/tickets/-/commit/869935b6687822ed79ad5477626a664d8ea6dcf7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.spip.net/tickets"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/spip-tickets-unauthenticated-rce"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-25T04:16:04Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-6rvw-w3xj-gg67/GHSA-6rvw-w3xj-gg67.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6rvw-w3xj-gg67",
+  "modified": "2026-02-25T06:31:15Z",
+  "published": "2026-02-25T06:31:15Z",
+  "aliases": [
+    "CVE-2026-27745"
+  ],
+  "details": "The SPIP interface_traduction_objets plugin versions prior to 4.3.3 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because fields prefixed with an underscore bypass protection mechanisms and the hidden content is rendered with filtering disabled, an authenticated attacker with editor-level privileges can inject crafted content that is evaluated through SPIP's template processing chain, resulting in execution of code in the context of the web server.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27745"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.spip.net/spip-contrib-extensions/interface_traduction_objets/-/commit/db3417b7811774f04c3ff191ca1737fe660ef0be"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.spip.net/interface_traduction_objets"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/spip-interface-traduction-objets-authenticated-rce"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-25T04:16:05Z"
+  }
+}